Highlights of Report
Number: 2008-20-134 to the Internal
Revenue Service Chief Information Officer.

IMPACT ON TAXPAYERS

The Internal Revenue Service (IRS) estimated that it would spend $1.4 billion for information
technology (IT) products and services in Fiscal Year 2007.While the IRS has made progress in implementing its
IT enterprise governance structure, additional actions are needed to address
current weaknesses in providing effective oversight and management of all
IT projects.This will help to ensure that the IRS uses
funds efficiently and effectively to provide oversight and control of all IT projects.

WHY TIGTA DID THE AUDIT

This audit was initiated as part of the TIGTA Fiscal
Year 2007 Annual Audit Plan for coverage of IRS modernization efforts.The overall objective of this review was to
determine whether the IRS has established and is following adequate internal
controls to manage all IT investment projects within the new enterprise
governance model in support of the IRS mission and goals.

WHAT
TIGTA FOUND

In Fiscal Year 2006, the IRS expanded the roles and
responsibilities of the Program Control and Process Management Division to
incorporate and establish direction for the new enterprise governance
model.Since then, the IRS has made
significant progress in directing, developing, and implementing tiered-program
management activities.For example, it
has 1) developed and distributed standardized reporting templates with
documented processes and procedures for the executive steering committees, and 2)
created a master listing of IT projects to track and assign oversight.Each IRS organization has formed or is
planning to form its own individual Program Management Office to execute the
new tiered-program management processes and procedures while providing oversight
and management to assigned IT projects.

Although the IRS has made progress in
implementing its tiered-program management structure, additional actions are
needed to address current weaknesses in providing effective oversight and
management of all IT projects.The IRS
has not 1) fully documented policies and procedures for developing a complete
portfolio of IT projects, 2) completed the setup of Program Management Offices
for all IRS organizations, 3) fully implemented the health assessment process,
or 4) provided consistent and continual monitoring and oversight of major IT
projects through the executive steering committees.Completing actions to address these
conditions will help ensure that the enterprise tiered-program management
structure provides effective oversight and control of all IT projects.

WHAT TIGTA RECOMMENDED

TIGTA recommended that
the Chief Information Officer 1) work with other IRS executives to develop a
complete and accurate master IT project list with a standard set of IT terms
that have been approved and communicated to all IRS organizations, 2) ensure that
the proposed governance directive is approved and communicated through all
levels of the IRS, 3) establish formal policies and procedures to ensure that the
health assessment process is consistently applied and followed across all IRS
organizations, and 4) ensure that policies and procedures are developed or
revised to require that control organizations review all assigned major IT
projects monthly and present projects to the appropriate governance board’s
attention when established thresholds are exceeded.

In their response to the report,
IRS officials agreed with our recommendations.They plan to 1)
incorporate projects and operational applications into the IRS portfolio and
develop, approve, and communicate formal policies and procedures to continually
update the portfolio and a standard set of IT terms, 2) obtain approval of the
governance directive and communicate guidance to foster enterprise-wide
adherence to the governance process, 3) conduct an enterprise-wide campaign of
education and sustained support for the control organizations to ensure
consistency of the health assessment process, and 4) ensure that all assigned
major IT projects are reviewed monthly and are presented to the appropriate
governance board’s attention when established thresholds are exceeded.

READ THE
FULL REPORT

To view the report,
including the scope, methodology, and full IRS response, go to: